Researchers found a total of nine software vulnerabilities in a commonly used metal detector productResearch has shown that, if exploited, these security vulnerabilities may allow hackers to take the detector offline, read or change its data, or simply interfere with its function.ls.
The product in question is caused by Garrett It is a well-known American metal detector manufacturer whose products are sold in schools, courts, prisons, airports, sports and entertainment venues, and various government buildings. Its website and other website. In other words, their products are almost everywhere.
Unfortunately, according to the researchers Cisco Talos, Widely used by Garrett Integrated circuit module I’m in trouble.This product provides network connections for the company’s two popular walk detectors (Garrett PD 6500i and Garrett MZ 6100), basically acting as a control center for the detector operator: using a laptop or other interface, the operator can use the module to remotely control Detectors, and perform “real-time monitoring and diagnosis”, according to A website Sales Products.
In a blog post Talos researchers released on Tuesday stated that the vulnerability in iC has been formally tracked as A bunch of CVE, May allow someone to hack into specific metal detectors, take them offline, execute arbitrary code, and usually just mess things up.
“An attacker can manipulate this module to remotely monitor the statistics of the metal detector, such as whether an alarm has been triggered or how many visitors have passed by,” The researcher wrote“They can also change the configuration, such as changing the sensitivity level of the device, which may pose a safety risk to users who rely on these metal detectors.”
G/O Media may receive commissions
In short: this is bad news. Generally speaking, no one really wants to pass through a metal detector. However, if you were to iterate over one, it might also work, right? Although the scenario where an attacker will actually spare no effort to invade these systems may seem small or even fantasy, it seems a good idea to have functional security systems in important locations such as airports and government agencies.
Fortunately, Talos stated that users of these devices can mitigate security vulnerabilities by updating their iC modules to the latest version of the firmware. Talos wrote that Cisco apparently disclosed the vulnerabilities to Garrett in August, and the vendor only fixed the vulnerabilities on December 13.
We contacted Garrett’s security department for comment, and if they respond, we will update this story.
